laravel RBAC權限管理學習


項目鏈接

人往高處走,水往低處流,不努力是不行的。雖然現在還看不懂,但是一點點來吧。

1.權限管理簡介:(個人理解)

上級與下級的關係:總經理有管理全公司的權限,而財務只有管理公司財務與開支的權限,
小組組長有管理一個小組工作任務的權限,而普通的員工只有領導賦予的基本權限。

2.RBAC模型:

基於角色的訪問控制(RBAC)是實施面向企業安全策略的一種有效的訪問控制方式。
中文名:基於角色的訪問控制;外文名:RBAC(Role-Based Access Control);解釋:訪問控制方式;基本思想:建立一個角色集合。
其基本思想是,對系統操作的各種權限不是直接授予具體的用戶,而是在用戶集合與權限集合之間建立一個角色集合。每一種角色對應一組相應的權限。一旦用戶被分配了適當的角色后,該用戶就擁有此角色的所有操作權限。這樣做的好處是,不必在每次創建用戶時都進行分配權限的操作,只要分配用戶相應的角色即可,而且角色的權限變更比用戶的權限變更要少得多,這樣將簡化用戶的權限管理,減少系統的開銷。

用法就是先把權限授予角色,然後再把角色授予用戶。

表與表之間是多對多的關系。一個用戶可以授予多個角色。
一個權限可以授予多個角色

2.1RBAC功能模塊

2.2 數據庫設計

數據表ddl

/*
 Navicat Premium Data Transfer

 Source Server         : local
 Source Server Type    : MySQL
 Source Server Version : 50725
 Source Host           : localhost:3306
 Source Schema         : admin

 Target Server Type    : MySQL
 Target Server Version : 50725
 File Encoding         : 65001

 Date: 01/07/2021 11:17:26
*/

-- Use utf8mb4 on this connection so the Chinese column comments and seed values load intact.
SET NAMES utf8mb4;
-- Foreign key checks stay off while the tables are dropped and recreated; they are switched
-- back on at the end of the dump. None of the tables below declares a foreign key.
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for migrations
-- ----------------------------
-- migrations: one row per migration name that has been recorded, with its batch number.
-- Text columns inherit the table default (utf8mb4 / utf8mb4_unicode_ci).
DROP TABLE IF EXISTS `migrations`;
CREATE TABLE `migrations` (
  `id`        INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
  `migration` VARCHAR(255)     NOT NULL,
  `batch`     INT(11)          NOT NULL,
  PRIMARY KEY (`id`)
)
  ENGINE = InnoDB
  AUTO_INCREMENT = 3
  CHARACTER SET = utf8mb4
  COLLATE = utf8mb4_unicode_ci
  ROW_FORMAT = DYNAMIC;

-- Seed rows, with the target columns spelled out so the load does not depend on column order.
INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES
  (1, '2014_10_12_000000_create_users_table', 1),
  (2, '2014_10_12_100000_create_password_resets_table', 1);

-- ----------------------------
-- Table structure for password_resets
-- ----------------------------
-- password_resets: pending password-reset requests, looked up by e-mail (non-unique index).
-- NOTE(review): the dump does not show whether `token` holds a hash or the raw reset token;
-- confirm against the code that writes this table.
DROP TABLE IF EXISTS `password_resets`;
CREATE TABLE `password_resets` (
  `email`      VARCHAR(255) NOT NULL,
  `token`      VARCHAR(255) NOT NULL,
  `created_at` TIMESTAMP(0) NULL DEFAULT NULL,
  INDEX `password_resets_email_index` (`email`)
)
  ENGINE = InnoDB
  CHARACTER SET = utf8mb4
  COLLATE = utf8mb4_unicode_ci
  ROW_FORMAT = DYNAMIC;

-- ----------------------------
-- Records of password_resets
-- ----------------------------

-- ----------------------------
-- Table structure for permission
-- ----------------------------
-- permission: one row per grantable permission.
-- `urls` holds a controller action string ("Class@method"); the access-control middleware
-- shown later on this page compares it with the current route's action name, so the value
-- has to match that string exactly.
-- Text columns inherit the table default (utf8mb4 / utf8mb4_general_ci).
DROP TABLE IF EXISTS `permission`;
CREATE TABLE `permission` (
  `id`         INT(11)      NOT NULL AUTO_INCREMENT,
  `name`       VARCHAR(255) NULL DEFAULT NULL COMMENT '權限標題',
  `urls`       VARCHAR(255) NULL DEFAULT NULL COMMENT '對應頁面的url',
  `status`     VARCHAR(255) NULL DEFAULT NULL,
  `updated_at` TIMESTAMP(0) NULL DEFAULT NULL,
  `created_at` TIMESTAMP(0) NULL DEFAULT NULL,
  PRIMARY KEY (`id`)
)
  ENGINE = InnoDB
  AUTO_INCREMENT = 2
  CHARACTER SET = utf8mb4
  COLLATE = utf8mb4_general_ci
  COMMENT = '權限表'
  ROW_FORMAT = DYNAMIC;

-- Seed row: the back-office login permission, bound to LoginController@index.
INSERT INTO `permission` (`id`, `name`, `urls`, `status`, `updated_at`, `created_at`) VALUES
  (1, '后台登錄權限', 'App\\Http\\Controllers\\Admin\\LoginController@index', NULL, NULL, NULL);

-- ----------------------------
-- Table structure for role
-- ----------------------------
-- role: named roles that permissions are attached to and that users are assigned.
-- NOTE(review): `status` is nullable and none of the code on this page reads it; confirm
-- whether it is meant to disable a role.
DROP TABLE IF EXISTS `role`;
CREATE TABLE `role` (
  `id`         INT(11)      NOT NULL AUTO_INCREMENT,
  `name`       VARCHAR(255) NULL DEFAULT NULL,
  `status`     INT(11)      NULL DEFAULT NULL,
  `updated_at` TIMESTAMP(0) NULL DEFAULT NULL,
  `created_at` TIMESTAMP(0) NULL DEFAULT NULL,
  PRIMARY KEY (`id`)
)
  ENGINE = InnoDB
  AUTO_INCREMENT = 2
  CHARACTER SET = utf8mb4
  COLLATE = utf8mb4_general_ci
  COMMENT = '角色表'
  ROW_FORMAT = DYNAMIC;

-- Seed row: a single role.
INSERT INTO `role` (`id`, `name`, `status`, `updated_at`, `created_at`) VALUES
  (1, '皇帝', NULL, NULL, NULL);

-- ----------------------------
-- Table structure for role_permission
-- ----------------------------
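-- role_permission: pivot table granting a permission to a role.
-- Changes from the exported schema:
--   * role_id / permission_id are NOT NULL, because a grant with a missing side means nothing;
--   * the (role_id, permission_id) pair is UNIQUE, so the same grant cannot be stored twice.
-- The dump declares no foreign keys, so rows can still point at a role or permission that has
-- been deleted; the application must clean up the pivot rows when it deletes either one.
DROP TABLE IF EXISTS `role_permission`;
CREATE TABLE `role_permission` (
  `id`            INT(11)      NOT NULL AUTO_INCREMENT,
  `role_id`       INT(11)      NOT NULL COMMENT '角色id',
  `permission_id` INT(11)      NOT NULL COMMENT '對應權限表的權限id',
  `created_at`    TIMESTAMP(0) NULL DEFAULT NULL,
  `updated_at`    TIMESTAMP(0) NULL DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE INDEX `role_permission_role_id_permission_id_unique` (`role_id`, `permission_id`)
)
  ENGINE = InnoDB
  AUTO_INCREMENT = 2
  CHARACTER SET = utf8mb4
  COLLATE = utf8mb4_general_ci
  COMMENT = '角色權限關系表'
  ROW_FORMAT = DYNAMIC;

-- Seed row: role 1 holds permission 1.
INSERT INTO `role_permission` (`id`, `role_id`, `permission_id`, `created_at`, `updated_at`) VALUES
  (1, 1, 1, NULL, NULL);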

-- ----------------------------
-- Table structure for user_role
-- ----------------------------
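-- user_role: pivot table assigning a role to a user.
-- Changes from the exported schema:
--   * user_id / role_id are NOT NULL, because an assignment with a missing side means nothing;
--   * the (user_id, role_id) pair is UNIQUE, so the same assignment cannot be stored twice.
-- The dump declares no foreign keys, and `user_id` is a signed INT while `users`.`id` is
-- unsigned, so the column types would have to be aligned before a foreign key could be added.
DROP TABLE IF EXISTS `user_role`;
CREATE TABLE `user_role` (
  `id`         INT(11)      NOT NULL AUTO_INCREMENT,
  `user_id`    INT(11)      NOT NULL COMMENT '用戶id',
  `role_id`    INT(11)      NOT NULL COMMENT '角色id',
  `created_at` TIMESTAMP(0) NULL DEFAULT NULL,
  `updated_at` TIMESTAMP(0) NULL DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE INDEX `user_role_user_id_role_id_unique` (`user_id`, `role_id`)
)
  ENGINE = InnoDB
  AUTO_INCREMENT = 3
  CHARACTER SET = utf8mb4
  COLLATE = utf8mb4_general_ci
  COMMENT = '用戶角色關系表'
  ROW_FORMAT = DYNAMIC;

-- Seed row: user 1 is assigned role 1.
INSERT INTO `user_role` (`id`, `user_id`, `role_id`, `created_at`, `updated_at`) VALUES
  (2, 1, 1, NULL, NULL);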

-- ----------------------------
-- Table structure for users
-- ----------------------------
-- users: application accounts; `email` is unique.
-- Text columns inherit the table default (utf8mb4 / utf8mb4_unicode_ci).
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
  `id`             INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
  `username`       VARCHAR(255)     NOT NULL,
  `email`          VARCHAR(255)     NOT NULL,
  `password`       VARCHAR(255)     NOT NULL,
  `remember_token` VARCHAR(100)     NULL DEFAULT NULL,
  `created_at`     TIMESTAMP(0)     NULL DEFAULT NULL,
  `updated_at`     TIMESTAMP(0)     NULL DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE INDEX `users_email_unique` (`email`)
)
  ENGINE = InnoDB
  AUTO_INCREMENT = 2
  CHARACTER SET = utf8mb4
  COLLATE = utf8mb4_unicode_ci
  ROW_FORMAT = DYNAMIC;

-- Seed row: the initial administrator account.
-- NOTE(review): `password` is seeded with the literal text 'admin', not a password hash, and it
-- equals the username. The login code is not shown on this page; if it compares this column
-- directly, passwords are stored in clear text. Store a hash and change this credential
-- before the dump is loaded anywhere reachable.
INSERT INTO `users` (`id`, `username`, `email`, `password`, `remember_token`, `created_at`, `updated_at`) VALUES
  (1, 'admin', '762301880@qq.com', 'admin', NULL, NULL, NULL);

-- Switch foreign key checks back on now that every table has been recreated and seeded.
SET FOREIGN_KEY_CHECKS = 1;

3.粗略的邏輯設計

3.1給角色授權

得到角色列表

 /**
  * List all roles.
  *
  * Renders the admin.role.list view with every Role row exposed as `$role`.
  */
 public function index()
    {
        return view('admin.role.list', ['role' => Role::get()]);
    }

3.2授權

獲取當前頁面的信息

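 /**
  * Show the permission-assignment form for one role.
  *
  * @param  mixed    $id       Primary key of the role being edited.
  * @param  Request  $request  Current request (not read here).
  * @return mixed  The admin.role.auth view with `role`, `perms` (all permissions) and
  *                `own_pers` (ids of the permissions the role already holds).
  */
 public function auth($id, Request $request)
    {
        // findOrFail() answers an unknown role id with a 404 instead of dereferencing null below.
        $role = Role::findOrFail($id);
        // Every permission that can be offered in the form.
        $perms = Permission::get();
        // Ids of the permissions this role already holds, read through the role_permission pivot.
        $own_pers = $role->permission->pluck('id')->all();

        return view('admin.role.auth', compact('role', 'perms', 'own_pers'));
    }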

添加授權

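 /**
  * Replace the permission set of a role with the one submitted by the form.
  *
  * Expects `id` (the role id) and an optional `permission_id[]` list in the request.
  * Redirects to admin/role on success.
  *
  * NOTE(review): this action changes what a role is allowed to do. Its route is not shown
  * on this page; confirm that it is itself behind the permission middleware.
  *
  * @param  Request  $request
  * @return mixed
  */
 public function doauth(Request $request)
    {
        // Accept only an existing role id and a list of distinct, existing permission ids.
        $request->validate([
            'id'              => 'required|integer|exists:role,id',
            'permission_id'   => 'nullable|array',
            'permission_id.*' => 'integer|distinct|exists:permission,id',
        ]);

        $roleId = (int) $request->input('id');
        $rows = [];
        foreach ((array) $request->input('permission_id', []) as $permissionId) {
            $rows[] = ['role_id' => $roleId, 'permission_id' => (int) $permissionId];
        }

        try {
            // Delete and re-insert in one transaction: if the insert fails, the old grants are
            // rolled back instead of leaving the role with no permissions at all.
            \DB::transaction(function () use ($roleId, $rows) {
                \DB::table('role_permission')->where('role_id', $roleId)->delete();
                if (!empty($rows)) {
                    \DB::table('role_permission')->insert($rows);
                }
            });
        } catch (\Exception $exception) {
            // Keep the database error text in the server log; the client only gets a generic 500.
            report($exception);
            abort(500);
        }

        return redirect('admin/role');
    }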

3.2當然還有用戶授權這里就不過多的演示

3.3 需要注意的模型類

  /**
   * Permissions attached to this model through the role_permission pivot table
   * (pivot columns: role_id for this side, permission_id for the Permission side).
   */
  public function permission()
    {
          $pivotTable = 'role_permission';

          return $this->belongsToMany(Permission::class, $pivotTable, 'role_id', 'permission_id');
    }

4. 核心代碼:控制授權的中間件(注意使用前要先註冊)

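 /**
  * Allow the request only when one of the current user's roles holds a permission whose
  * `urls` value equals the controller action of the matched route.
  *
  * Anything else is redirected to `noaccess`: no session user, a user id that no longer
  * exists, or no matching permission.
  *
  * NOTE(review): the `status` columns of role and permission are not consulted here;
  * confirm whether a disabled role or permission should still grant access.
  *
  * @param  mixed    $request
  * @param  Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
    {
        // Controller action of the matched route,
        // e.g. "App\Http\Controllers\Admin\LoginController@index".
        $route = \Route::current()->getActionName();

        // Fail closed: a missing session user or a deleted account is denied rather than
        // raising an error. The user is reloaded from the database on every request, so
        // role changes apply without a new login.
        $sessionUser = session()->get('user');
        $user = $sessionUser ? Users::find($sessionUser->id) : null;
        if (!$user) {
            return redirect('noaccess');
        }

        // Collect the action names granted through every role the user holds.
        $granted = [];
        foreach ($user->Role as $role) {
            foreach ($role->permission as $perm) {
                $granted[] = $perm->urls;
            }
        }

        // The granted list is loaded from the permission table through the pivot, so a
        // separate lookup of all permission urls adds nothing. Strict comparison keeps a
        // NULL or non-string `urls` value from matching by type juggling.
        if (in_array($route, $granted, true)) {
            return $next($request);
        }

        return redirect('noaccess');
    }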

使用方式:在需要約束的路由後面逐個添加中間件。沒有添加此中間件的路由不會經過上面的權限檢查,新增路由時不要漏掉。

例子
// Protect a single route by attaching the permission middleware under its registered alias.
// The 'hasRole' alias must be registered before it can be used here.
Route::post('user/auth/edit', 'UserAuthController@edit')
    ->middleware('hasRole');

